Security Opportunities and Demands of Digital Transformation

As a customer-focused organization, we listen carefully to how organizations are dealing with Digital Transformation, especially in regards to how those initiatives are both impacting their overall business and security strategy and planning. Photo by Ross Findon on Unsplash

The Actual Meaning of Digital Transformation

We hear this popular term used within the context of large enterprises as a label for various projects and internal changes to apply digital technologies and data processes to re-tool the business for new growth.

However, there's no organization I know that is just now transforming their business into becoming digital: everyone uses email, computers, mobile devices, and with ubiquitous WiFi and internet access, comes video conferencing and instant messaging. So “digital transformation” is a bit of a misnomer with the proliferation of digital communication and data manipulation tools readily available.

Digital Transformation typically means two things:

Projects that move your physical infrastructure to the cloud

Projects that make a business a web software company

Real World Examples of New Applications Driving Growth

As CEO at Signal Sciences, I’m fortunate enough to meet and hear from customers on a regular basis to discuss their day-to-day challenges, including Digital Transformation efforts and impacts. Here are some real world examples of that change as organizations optimize how they deliver web-based services from a software development standpoint:

A CISO of a major automaker we work with told me they have over 5,000 developers on staff. 5,000! But that’s not a large number relative to the millions of cars sold annually, all of which run software. That includes the mobile apps that enable customers to control various aspects of the car. These software interfaces—EntuneTM from Toyota and Uconnect® from Fiat Chrysler Automobiles for example—are becoming differentiators in the car-ownership experience.

We also work with several brick-and-mortar restaurant chains. One of them launched a brand new mobile application a few months ago that enables customers to order and purchasing food: it now already represents close to 15 percent of their entire business.

Both examples show that companies that had not thought of themselves as custom software developers and publishers are now building out that arm of their businesses. To execute more effectively, they often hire chief digital officers. But overall, the new software-focused arm drives new business and opens up entirely new ways to connect with customers, learn about them, and market to them–all of which feeds back into driving the growth and focus of the entire business.

In sum, Digital Transformation is really about changing the business by leveraging digital assets and tools to differentiate, improve, and optimize user experience—and ultimately growth.

Security Realities Introduced by Digital Transformation

These new application-focused portions of the business also introduce new potential attack vectors that did not exist before, both on the customer-facing frontend (think: authentication flows) and within cloud infrastructure.

So security teams’ responsibilities are changing dramatically in response to these changes in the business. The evolving focus on software development means security departments that have historically focused on securing internal networks now must plan for and hire for the secure development and deployment of web based software—this ultimately demands security practitioners with a different DNA and a security playbook that you can't pull out of the network world or even boxtop retail software development world. It also requires adopting tools that enable and enforce application security.

Let’s look at a company like Intuit, which offers several consumer financial offerings. A decade ago, you ran their TurboTax software on your laptop or PC. But now they've transitioning TurboTax to the web and mobile-delivered versions of the software. In 2018, 20 percent—that’s 8 million people—of TurboTax customers used their mobile phone to file.

Intuit realized that with web portal access to TurboTax as the major use case, their sensitive customer information was now in a central location. Compared to the old way where it was installed and spread out on customer laptops, TurboTax is now accessible via their web platform. With this transformation, Intuit has become a leader in the DevSecOps space and built an integrated approach to managing web security to work alongside web development teams instead of trying to take what they did to secure their old marketing apps and just make it a bit better.

Embracing Change as Opportunity

Working with customers across verticals within the realm of application security allows us to look at Digital Transformation through several lenses: we're really seeing both security and engineering teams out there embrace business change by using it as an opportunity to approach problems with new approaches. And in doing so, they’re building and leveraging new ways to both build new services in the cloud while building developer-centric security DNA into their teams to partner closely and match the evolution we're seeing in the Digital Transformation economy.